1. Enforcing Custom User Attributes Defaults

    TypeScript

    In Pulumi, custom user attributes can be used to extend the schema of a user entity in various identity services such as Okta, AWS Cognito, or Keycloak, to store additional information about users. Enforcing custom user attribute defaults typically involves setting specific values that should be applied to those attributes when new users are created or when the user data is updated but doesn't provide a value for those attributes.

    The following program demonstrates how to enforce custom user attribute defaults with AWS Cognito using Pulumi's TypeScript SDK. AWS Cognito is a user identity and data synchronization service that enables you to create unique identities for your users and authenticate them with standard and custom attributes.

    In this example, we create a new Cognito User Pool with custom attributes and set the defaults for these attributes. Custom attributes in Cognito begin with `custom:` and must be defined when the User Pool is created.

    ```typescript
    import * as aws from "@pulumi/aws";

    // Create a new AWS Cognito User Pool.
    const userPool = new aws.cognito.UserPool("myUserPool", {
        // The schema block allows for the definition of custom attributes
        schemas: [{
            // Declare the name without the `custom:` prefix: Cognito prepends it,
            // so the attribute is addressed as custom:myCustomAttribute.
            name: "myCustomAttribute",
            attributeDataType: "String",
            // `mutable` indicates if the custom attribute can be updated
            mutable: true,
            // `required` determines if this attribute must be provided by the user
            required: false,
            stringAttributeConstraints: {
                // Define constraints for the custom attribute, if necessary
                minLength: "2",
                maxLength: "50",
            },
        }],
        // User Pools can have policies associated with them to define behavior
        // such as password strength. These are set on the pool itself (for
        // example through the `passwordPolicy` argument), not as a separate
        // resource. Define your policies here.
    });

    // Output the ID of the newly created User Pool
    export const userPoolId = userPool.id;
    ```

    In this program, we create a Cognito User Pool with a custom attribute called `custom:myCustomAttribute`. We set `mutable` to `true` to indicate that the attribute can be changed after the user is created, which is useful if the value may need to be updated in the future.

    When a user is created in the User Pool, the 'default' value for this custom attribute can be set as part of the creation process. Currently, AWS Cognito does not support setting default values for attributes directly in the schema, so you would enforce these defaults at the application layer, either through your backend code or in a Lambda trigger that sets the attributes' values during user sign-up.

    For more detailed information, you can visit the Cognito User Pool documentation.
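
The Lambda-trigger approach described above, as an added example (not code from the original page or from Pulumi): a post-confirmation handler that fills in `custom:myCustomAttribute` only when the user did not supply it. The default value `standard` and the `update` callback, a hypothetical wrapper around Cognito's AdminUpdateUserAttributes call, are assumptions.

```typescript
// Added example; event fields follow the Cognito post-confirmation trigger payload.
interface PostConfirmationEvent {
  userPoolId: string;
  userName: string;
  request: { userAttributes: Record<string, string> };
  response: Record<string, never>;
}

interface AttributeUpdate { Name: string; Value: string }

// Hypothetical wrapper around AdminUpdateUserAttributes, injected for offline use.
type UpdateAttributes = (
  userPoolId: string, username: string, attrs: AttributeUpdate[],
) => Promise<void>;

// Assumed default value; it must satisfy the schema constraints (2 to 50 chars).
const DEFAULTS: Record<string, string> = {
  "custom:myCustomAttribute": "standard",
};

// Return updates only for attributes the user did not supply, so a value
// provided at sign-up is never overwritten.
function defaultsToApply(
  current: Record<string, string>,
  defaults: Record<string, string> = DEFAULTS,
): AttributeUpdate[] {
  const updates: AttributeUpdate[] = [];
  for (const [name, value] of Object.entries(defaults)) {
    if (value.length < 2 || value.length > 50) {
      throw new Error(`default for ${name} violates the schema length limits`);
    }
    const existing = current[name];
    if (existing === undefined || existing === "") {
      updates.push({ Name: name, Value: value });
    }
  }
  return updates;
}

// Handler factory for the trigger; Cognito expects the event to be returned.
function makeHandler(update: UpdateAttributes) {
  return async (event: PostConfirmationEvent): Promise<PostConfirmationEvent> => {
    const updates = defaultsToApply(event.request.userAttributes);
    if (updates.length > 0) {
      await update(event.userPoolId, event.userName, updates);
    }
    return event;
  };
}
```

In a Pulumi program the deployed function would be attached through the user pool's `lambdaConfig.postConfirmation` argument.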